Putting a lock on e-books
A new cold war looms over your right to read
By Siva Vaidhyanathan


                NEW YORK, July 19 -  Russian President Vladimir Putin and Chinese President Jiang Zemin were in the news this week, signing a treaty of "friendship and cooperation," spurred by their growing animosity toward the United States. America has always assumed the moral high ground over the way China and Russia trample the rights of their citizens to free expression. So it's pretty embarrassing that U.S. officials have arrested a Russian software engineer and charged him with a violation of a law he might have broken while working in Moscow - if he broke a law at all.

                       THE FEDERAL Bureau of Investigation Monday detained Russian software engineer Dmitri Sklyarov after he gave a speech about encryption at Defcon, an annual hacker convention in Las Vegas.
       Sklyarov, a programmer for the Moscow-based company ElcomSoft, was about to board a plane at the Las Vegas airport when federal agents accosted him. The FBI had a warrant issued last month from Federal District Court in San Francisco that charged Sklyarov with a criminal violation of the Digital Millennium Copyright Act (DMCA).
       After his arrest, Sklyarov was being held without bail in a Las Vegas jail. Officials were planning on transferring him to San Francisco soon.

       The old Cold War is over. Welcome to the new Cold War. It's not political. It's corporate. It's not ideological. It's pragmatic. It's not martial. It's digital. What's at stake are not lives. They are electronic books.
       Sklyarov made the mistake of revealing weaknesses in an encryption scheme that the software company Adobe employs in its electronic book reading program. His speech over the weekend outlined just how weak the Adobe system is, and how easy it is to crack.
       But talking about decryption was not his crime. Sklyarov was arrested for composing the software that unlocks the Adobe eBook Reader encryption system. His software turns protected digital eBook files into the common and easily accessible Portable Document Format (PDF). Until recently, Sklyarov's company sold copies of the decryption software, called Advanced eBook Processor, for $99.

                       Adobe has been battling Elcomsoft for months. Adobe had to withdraw and improve its eBook Reader at least once before to impede decryption. A software arms race was imminent. Adobe would try to strengthen its defenses. Then Elcomsoft would quickly find a way to get past its rudimentary encryption scheme again and so on. Adobe has opted to employ the service of lawyers and federal agents instead of better engineers.
       This is the second case of a person being charged with a criminal violation of the DMCA, which became law in 1998. The most onerous provision of the act makes it illegal to circumvent any protection measure that a copyright holder puts around digital files to regulate access.
       Most of the controversies about this law have been civil cases. Journalists for the hacker magazine 2600 have been fighting an injunction in federal court that prevents them from linking to web sites that carry code that would circumvent access control software on digital video discs. And more recently, Princeton computer science professor Edward Felten was threatened with legal action when he announced plans to discuss his encryption research that dealt with digital watermarking of music files.
       In both these civil cases the mere threat of enforcement of the DMCA stifled free speech. The Slyarov case is different, though. Elcomsoft is a for-profit venture that sold its product. Felten and 2600 were just doing their jobs as scholars and journalists.

                       The law is clear. If you traffic in anticircumvention devices for profit, you have committed a federal crime that might cost you up to $500,000 and five years in prison. So the FBI and federal attorneys had no choice. Adobe wanted this man arrested. So they had to arrest him.
       The problem is the law itself. When Congress considered the DMCA in 1998, it did so recklessly. Some public interest advocates warned at the time that the law was too strong, that it would stifle research, free expression, scholarship, teaching, and even commerce in new technologies that had yet to emerge. But Congress paid little mind to public interest concerns at the time. They were busy making the digital world safe for established software companies and movie studios.
       Now, after several embarrassing high-profile cases, Congress must realize it made a big mistake by giving so much power to a handful of companies and taking away important rights from so many more users.

                       What makes some programmers good guys and others bad guys? Well, to be on the right side of the DMCA, one should be established and American. One must have already rolled out a product and hired some good lawyers. To try to sell a new product that might disrupt the market for an established product could be a crime. Instead of forcing Adobe to make a better product, the DMCA lets it ride with an inferior one. The DMCA was intended to encourage innovation. Instead, it stifles it.
       Still, Sklyarov and Elcomsoft did not commit any crimes while visiting the United States. What Sklyarov did, he did in Russia, which has no such law. It sure could look like his arrest was a strike against non-American software firms, a nasty protectionist move.
       The United States adopted the DMCA after a 1997 meeting of representatives of 127 nations gathered in Switzerland to draft the World Intellectual Property Organization (WIPO) treaty. At the behest of media industries, delegates strove to standardize and strengthen copyright protection globally. They hoped to provide strong incentives for companies to roll out digital products with confidence. And they hoped to change the cultures of some corners of the globe where copyright laws did not seem to matter much. Fortunately, the world is not standardized yet. Canada and the European Union are currently debating revising copyright laws to conform to the WIPO treaty. And many other nations will take years to institute provisions like the DMCA. And in some areas, the United States has more user-friendly, democratic copyright provisions.
       But every effort to standardize and globalize meets strong resistance from those who suspect they might come out on the short end of such processes. So it should come as no surprise that Russian software engineers are willing to take advantage of legal differences between nations to try to get a foothold in the global economy. This is not going to be the last of these battles. Nor will Sklyarov me the last person jailed without bail for the crime of being a good programmer who decided to visit Las Vegas.
       The Sklyarov case is the latest chapter in the rocky story of the electronic book market. Publishers and distributors are betting that consumers are going to like reading electronic files on their computers. They hope we appreciate the price and convenience, the electronic indexing and bookmarking features, and the fact that one laptop can tote a shelf full of textbooks with no extra weight. Of course, there is no reason to believe people will actually like these products. But there is a lot of faith out there.
       Still, publishers would love to be able to instantly deliver their wares in a format that many people could use, that would prevent unauthorized reading and copying, and would cost almost nothing for each additional copy.
       Paper books are expensive to produce. And publishers never know how many to print. Too often, they get caught with an expensive surplus and take a big financial hit when hundreds or thousands of unsold copies are returned from stores.
       But the challenge of e-books is encryption. Selling one unencrypted biology e-textbook to one student in a 300-person class might result in just one sale if the other 299 get an unauthorized copy. Today, most students buy used books or pool their resources to buy one book for many students and share photocopies.
       Publishers would breathe easier if they knew that every reader had to buy her own copy of a digital book. If they could tie a digital file to a particular computer (and perhaps make it disappear after a certain time or number of reads), they could recapture what they see as the "losses" of the real book economy - lending, re-reading, photocopying, and reselling used books.
       There are two dominant encryption-enhanced "reader" formats on the market right now. Adobe makes one and Microsoft makes another. Neither works with the others' text files. Both readers are available at no financial cost.

       But encryption comes at a high cost to users nonetheless. When we buy encrypted products, we limit what we can do with them. We sign away our rights of fair use. Music companies this month began secretly shipping compact discs with copy protection systems on them, thus preventing consumers from making legal MP3 copies for their home computers and portable music players. We can't tell which CDs will have the onerous code until we try to exercise out rights.    
Talk back
    While Russian and American programmers fight the encryption cold war, we can decide as consumers not to support the arms race at all. If the producers would tell us which products are encrypted, we could avoid them.
       If I want to download and read the e-book, "Enterprise Network Security Guidelines: Prevention and Response to Hacker Attacks," it would be no problem. I would pay an online retailer $132 and it would come over as an unencrypted PDF file. I could read it on my Macintosh G4 desktop computer, or share the file with my PowerBook laptop and read it on the road.
       But if I want to download and read "The Unofficial Business Traveler's Pocket Guide: 165 Tips Even the Best Business Travelers May Not Know," I would be out of luck. This file, which costs less than $10, only comes in the encrypted Adobe Acrobat eBook Reader format.
       And only Microsoft Windows machines can use the reader. To read that file on my Mac, I would need some decryption software, and I would be breaking the law just by reading something I lawfully purchased.
       Some day soon, Adobe might roll out a Macintosh version of its reader. But my friends who use the GNU/LINUX operating system are probably shut out of the e-book world without decryption software like Advanced eBook Processor.
       Fortunately, I can read PDF files on my computer. So instead of buying any e-books that require encryption-enhanced readers, I bought an unencrypted PDF copy of Aldous Huxley's "Brave New World" for less than $10. I also have an old paper copy of George Orwell's "1984."
       Let me know if you would like to borrow it.
Siva Vaidhyanathan, a cultural historian and media scholar, is the author of "Copyrights and Copywrongs: The Rise of Intellectual Property and How it Threatens Creativity." He teaches information studies at the University of Wisconsin at Madison.